Privacy Policy
Last updated: 2 July 2026
This Privacy Policy explains how Ashley Bayes, trading as NavBuddy ("NavBuddy", "we", "us" or "our"), collects, uses and protects personal data when you use the NavBuddy iOS application (the "App") and any related services (together, the "Service"). It is written to comply with the UK General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 ("UK GDPR"), the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR") where applicable, and the Privacy and Electronic Communications Regulations 2003 ("PECR").
1. Who we are and how to contact us
The data controller responsible for your personal data is:
- Ashley Bayes, trading as NavBuddy (sole trader)
- 3 Woodside, Vigo, Gravesend, Kent, DA13 0SU, United Kingdom
- Email: ash@nav-buddy.com
- Telephone: +44 7525 071415
NavBuddy is not currently required to appoint a Data Protection Officer under Article 37 UK GDPR. For all privacy queries, including requests to exercise your rights under data protection law, please contact us at ash@nav-buddy.com.
Where required by law, we maintain registration with the UK Information Commissioner's Office.
2. Summary
NavBuddy is an anxiety-aware GPS navigation app for drivers. To deliver the Service we process: (a) your precise location while you navigate, on-device wherever possible; (b) account information you provide when signing in; (c) subscription and purchase information received from Apple; (d) limited diagnostic and crash data; and (e) device identifiers used to deliver push notifications. We do not sell your personal data, we do not show advertising in the App, and we do not use your data to build advertising profiles.
3. Personal data we collect
3.1 Account data
When you create a NavBuddy account we process your email address, a unique authentication identifier issued by our authentication service, the date your account was created, and (if you choose to provide one) a display name. If you sign in with Apple, we receive a privacy-preserving Apple relay email rather than your real address.
3.2 Location data
The App requests "When In Use" location permission to provide turn-by-turn driving guidance. While you are navigating, GPS coordinates, heading, speed and altitude are processed on your device to compute your route, generate voice prompts and detect off-route conditions. We do not upload raw GPS location traces to our servers. When you complete a drive, a summary record of that drive is stored against your account as described in section 3.4 below.
3.3 Subscription and purchase data
When you purchase a NavBuddy subscription, the App Store processes the payment and shares with us only the information needed to verify your subscription: the product identifier, transaction identifier, original purchase date, expiration date, and renewal status. We do not receive your payment card details, billing address or Apple ID.
3.4 Drive activity data
To enforce the lifetime allowance of two free drives before the paywall, to unlock stages of the Gradual Exposure course, and to show your drive history and progress across your devices, we store a record of each completed drive against your account. Each record contains: the course tier, the date and time the drive was completed, whether it was completed, the distance and duration, the destination name you searched for (where available), and summary statistics such as roundabouts navigated, motorway segments driven, traffic encounters and whether it was a night drive. We do not store the origin of your journey, the route taken, or any raw GPS trace on our servers. You can delete your drive history at any time by deleting your account (see section 9).
3.5 Device and diagnostic data
If the App crashes, we receive standard diagnostic information through a crash-reporting service, including device model, iOS version, an anonymised installation identifier, the crash stack trace and the state of the App immediately before the crash. We do not run analytics, advertising or behavioural-tracking tools in the App.
3.6 Push notification tokens
If you grant notification permission, the operating system issues a device token to the App, which we store in order to send you transactional and service-related notifications (for example, drive reminders or service announcements). The token is a pseudonymous identifier tied to your device and current installation.
3.7 Support correspondence
If you contact us by email or via the in-app feedback form, we process the contents of your message, your email address and any attachments you choose to send.
4. Special category data and children
NavBuddy is designed to help anxious drivers, but we do not ask you to provide, and we do not knowingly process, health data or other special category data within the meaning of Article 9 UK GDPR. The Service is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
5. Purposes and lawful bases for processing
We process your personal data on the following lawful bases under Article 6(1) UK GDPR:
- Performance of a contract (Article 6(1)(b)): to create and authenticate your account, deliver navigation and the Gradual Exposure course, sync your drive history and progress across your devices, process your subscription, enforce free-drive limits and provide customer support.
- Legitimate interests (Article 6(1)(f)): to keep the Service secure, prevent fraud and abuse of the free-drive allowance, fix crashes and improve reliability through aggregate diagnostic data. We have balanced our interests against your rights and consider that this processing is proportionate. You have the right to object at any time on grounds relating to your particular situation.
- Consent (Article 6(1)(a)): to send push notifications and to access your precise location. You can withdraw consent at any time in iOS Settings without affecting the lawfulness of processing carried out beforehand.
- Legal obligation (Article 6(1)(c)): to retain records of subscription transactions for tax and accounting purposes and to respond to lawful requests from competent authorities.
6. Who we share your data with
We share personal data only with the following categories of recipients, each acting either as a processor on our behalf or as an independent controller for limited purposes:
- The App Store — payment processing, subscription management, push notification delivery, and platform-level crash and security reporting.
- Account and database infrastructure — cloud services we use to authenticate your sign-in, store your account information, validate your subscription server-side, and deliver push notifications, acting as our processors.
- Crash and diagnostic services — a crash-reporting service that receives anonymised diagnostic data when the App crashes, acting as our processor.
- Mapping and navigation providers — map data and route calculation; coordinate requests are processed in order to return map and route information.
- Professional advisers — our accountants and legal advisers, bound by duties of confidentiality, where reasonably necessary.
- Competent authorities — where we are required to disclose data by law, court order or to defend our legal rights.
We do not sell personal data and we do not share personal data for cross-context behavioural advertising. A current list of the specific service providers we use, together with their data-protection arrangements, is available on request at ash@nav-buddy.com.
7. International transfers
Some of our service providers are headquartered outside the United Kingdom and the European Economic Area, including in the United States, and may process personal data in those countries. Where personal data is transferred outside the UK, we rely on:
- the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses themselves where the EU GDPR applies; and/or
- the UK Extension to the EU–US Data Privacy Framework and/or the EU–US Data Privacy Framework where the recipient is certified.
You can obtain a copy of the safeguards in place by contacting us at ash@nav-buddy.com.
8. Retention
We retain personal data only for as long as is necessary for the purposes set out in this Policy:
- Account data: for the duration of your account, plus up to 30 days after deletion to allow for backup rotation.
- Subscription transaction records: for up to six years, to comply with applicable tax and accounting obligations.
- Drive records: for the duration of your account.
- Crash logs: 90 days from receipt.
- Push notification tokens: until the token is invalidated by Apple or you uninstall the App.
- Support correspondence: 24 months from the last interaction, unless required for longer to resolve a dispute.
9. Your rights
Under the UK GDPR you have the right to:
- request access to the personal data we hold about you (Article 15);
- request rectification of inaccurate or incomplete data (Article 16);
- request erasure of your data (Article 17), subject to the exceptions in that Article;
- request restriction of processing (Article 18);
- receive your data in a portable, machine-readable format (Article 20);
- object to processing carried out on the basis of legitimate interests (Article 21); and
- withdraw consent at any time where processing is based on consent (Article 7(3)).
To exercise any of these rights, please email ash@nav-buddy.com. We will respond within one month of receipt, extendable by up to two further months for complex requests in accordance with Article 12(3). We may need to verify your identity before responding.
You can delete your account, including all associated personal data held by us on our servers, directly from within the App by going to Settings > Account > Delete Account. Deletion is irreversible. Please note that deleting your account does not automatically cancel any subscription purchased through Apple: auto-renewing subscriptions must be cancelled separately in your App Store account settings (Settings > Apple ID > Subscriptions), and Apple's refund policy applies to any unused portion of a paid period.
10. Right to complain
If you are unhappy with how we have handled your personal data, you can complain to the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If you are based in the European Economic Area, you may also complain to the supervisory authority in your country of residence.
11. Security
We implement appropriate technical and organisational measures under Article 32 UK GDPR, including industry-standard encryption of data in transit and at rest, principle-of-least-privilege access controls on our backend infrastructure, and prompt patching of dependencies. No system is perfectly secure; we will notify you and the ICO of any personal data breach where required under Articles 33 and 34 UK GDPR.
12. Cookies and similar technologies
The NavBuddy iOS App does not use cookies. The marketing website at the domain hosting this Policy uses only strictly necessary cookies required to serve the page; no analytics or advertising cookies are set.
13. Automated decision-making
We do not carry out solely automated decision-making producing legal or similarly significant effects within the meaning of Article 22 UK GDPR.
14. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Where changes are material, we will notify you in-app or by email before the changes take effect.
15. Contact
Questions about this Policy or our data practices should be sent to ash@nav-buddy.com.